Logfile of random's system information tool 1.09 (written by random/random)
Run by Jana Marešová at 2012-10-10 17:55:39
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 315 GB (67%) free of 471 GB
Total RAM: 2013 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:55:49, on 10.10.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jana Marešová\Data aplikací\14.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jana Marešová\Dokumenty\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Jana Marešová.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={621E3FCC- ... 2012-03-19 20:13:15&v=12.2.5.32&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/sphome.aspx?mkt={SUB_RFC1766}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" //eml:C:\Documents and Settings\Jana Mare?ová\Local Settings\Temporary Internet Files\Content.IE5\R0W2GG2C\FW_%20pijte%20vodu%20-%20v?echno%20je%20zase%20jinak%20![1].eml
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Xsjejb] C:\Documents and Settings\Jana Marešová\Data aplikací\Xsjejb.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 9899695359
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: vToolbarUpdater12.2.6 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
--
End of file - 12413 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\eiwf.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2482482263-1632091086-2385584113-500Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2482482263-1632091086-2385584113-500UA.job
C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{8CA9B768-E5E1-4E9A-9288-8A6409321C27}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll [2012-08-30 1734240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402c-BA80-02D8C59F9B1D}]
Ask Search Assistant BHO - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL [2010-07-23 57344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-22 192144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-08-13 4120256]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll [2012-08-26 1002992]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21 1219152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-08-08 1527496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2010-07-23 245760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL [2010-07-23 245760]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2012-08-08 1527496]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-10-21 1219152]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll [2012-08-30 1734240]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-22 192144]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2009-08-26 141336]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2009-08-26 173592]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2009-08-26 142872]
"SetRefresh"=C:\Program Files\Compaq\SetRefresh\SetRefresh.exe [2003-11-21 525824]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-10-16 18782720]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2012-08-08 1644744]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-08-30 947808]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 947176]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"ROC_ROC_JULY_P1"=C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe [2012-08-30 1022048]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-07-23 39408]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-06-17 2363392]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]
"Xsjejb"=C:\Documents and Settings\Jana Marešová\Data aplikací\Xsjejb.exe []
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Jana Marešová\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2009-08-14 206848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\windows\system32\CNAB4RPK.EXE"="C:\windows\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\UT2004Demo\System\UT2004.exe"="C:\UT2004Demo\System\UT2004.exe:*:Enabled:UT2004"
"C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe"="C:\Program Files\Ubisoft\Crytek\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"C:\windows\system32\PnkBstrA.exe"="C:\windows\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\windows\system32\PnkBstrB.exe"="C:\windows\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"msacm.divxa32"=msaud32_divx.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-10-10 17:55:39 ----D---- C:\rsit
2012-10-10 17:55:39 ----D---- C:\Program Files\trend micro
2012-10-10 17:48:24 ----A---- C:\Documents and Settings\Jana Marešová\Data aplikací\14.exe
2012-10-10 16:00:57 ----A---- C:\Documents and Settings\Jana Marešová\Data aplikací\2EB.exe
2012-09-12 08:56:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2736233$
======List of files/folders modified in the last 1 month======
2012-10-10 17:55:46 ----D---- C:\WINDOWS\Prefetch
2012-10-10 17:55:39 ----RD---- C:\Program Files
2012-10-10 17:54:29 ----D---- C:\Documents and Settings\Jana Marešová\Data aplikací\Skype
2012-10-10 17:25:42 ----SD---- C:\WINDOWS\Tasks
2012-10-10 17:21:59 ----D---- C:\WINDOWS\Temp
2012-10-10 17:16:13 ----D---- C:\WINDOWS\system32\CatRoot2
2012-10-10 17:14:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-09-27 08:38:50 ----D---- C:\windows
2012-09-26 23:31:13 ----SHD---- C:\WINDOWS\Installer
2012-09-26 23:31:03 ----HD---- C:\WINDOWS\inf
2012-09-26 23:31:03 ----D---- C:\WINDOWS\system32\drivers
2012-09-26 23:31:02 ----D---- C:\Program Files\Microsoft Security Client
2012-09-22 11:13:04 ----D---- C:\WINDOWS\system32
2012-09-22 11:00:43 ----RSHD---- C:\WINDOWS\system32\dllcache
2012-09-22 11:00:41 ----D---- C:\Program Files\Internet Explorer
2012-09-22 11:00:36 ----D---- C:\WINDOWS\ie8updates
2012-09-22 11:00:22 ----HD---- C:\WINDOWS\$hf_mig$
2012-09-12 08:56:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2012-09-12 08:56:35 ----A---- C:\WINDOWS\imsins.BAK
2012-09-12 08:55:02 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\System32\DRIVERS\iaStor.sys [2009-06-05 330264]
R0 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2012-08-30 193552]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2011-09-27 691696]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-05-15 214024]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-05-15 55336]
R1 MpKsl2cacfd32;MpKsl2cacfd32; \??\c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{93A3E682-B1A3-4191-8FB5-DD45A9A18A5E}\MpKsl2cacfd32.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-08-05 278984]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-08-05 25416]
R2 regi;regi; C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 11032]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2009-08-14 6317216]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-10-20 5933568]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2005-09-21 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-03-08 220112]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\system32\DRIVERS\p3.sys [2008-04-14 46592]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-10-24 117760]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2008-04-14 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\system32\DRIVERS\wADV01nt.sys [2008-04-14 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\system32\DRIVERS\wADV02NT.sys [2008-04-14 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\system32\DRIVERS\wADV05NT.sys [2008-04-14 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys [2008-04-14 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys [2008-04-14 19455]
S3 iAimFP5;iAimFP5; C:\WINDOWS\system32\DRIVERS\wADV07nt.sys [2008-04-14 11807]
S3 iAimFP6;iAimFP6; C:\WINDOWS\system32\DRIVERS\wADV08nt.sys [2008-04-14 11295]
S3 iAimFP7;iAimFP7; C:\WINDOWS\system32\DRIVERS\wADV09nt.sys [2008-04-14 11871]
S3 iAimTV0;iAimTV0; C:\WINDOWS\system32\DRIVERS\wATV01nt.sys [2008-04-14 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\system32\DRIVERS\wATV02NT.sys [2008-04-14 19551]
S3 iAimTV3;iAimTV3; C:\WINDOWS\system32\DRIVERS\wATV04nt.sys [2008-04-14 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys [2008-04-14 23615]
S3 iAimTV5;iAimTV5; C:\WINDOWS\system32\DRIVERS\wATV10nt.sys [2008-04-14 25471]
S3 iAimTV6;iAimTV6; C:\WINDOWS\system32\DRIVERS\wATV06nt.sys [2008-04-14 22271]
S3 MfeAVFK;McAfee Inc. MfeAVFK; C:\WINDOWS\system32\drivers\MfeAVFK.sys [2009-05-15 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK; C:\WINDOWS\system32\drivers\MfeBOPK.sys [2009-05-15 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\WINDOWS\system32\drivers\MfeRKDK.sys [2009-05-15 34248]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 adpu320;adpu320; C:\WINDOWS\system32\DRIVERS\adpu320.sys [2002-05-09 105472]
S4 Symmpi;Symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2002-04-04 28416]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 20472]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-10-12 66872]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-08-30 722528]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-23 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-03 160944]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-23 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-26 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
skype vir (pro Mc_Murphyho)
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: skype vir (pro Mc_Murphyho)
Ahoj Jani. 
Mno, je to tedy řádně zaflákané. Kromě Skype viru tam bude i nějaký ten trojský koníček.
Tak tedy jdeme na to, bude toho víc, takže prosím - pečlivě číst celé návody, případně si i dělat poznámky na papír, abys měla postup v případě, že Ti vypadne internet nebo něco během léčby!
Nejprve stáhni RKill z tohoto odkazu - http://download.bleepingcomputer.com/grinler/rkill.com
PROSÍM, ČTI NÁVOD DŮKLADNĚ - TATO UTILITA MÁ VELKOU SCHOPNOST MAZAT A JE NUTNÉ JI APLIKOVAT JEN NA DOPORUČENÍ RÁDCE TOHOTO FÓRA, JINAK TI MŮŽE JÍT SYSTÉM DO KYTEK
Stáhni a ulož na Plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Mno, je to tedy řádně zaflákané. Kromě Skype viru tam bude i nějaký ten trojský koníček.
Tak tedy jdeme na to, bude toho víc, takže prosím - pečlivě číst celé návody, případně si i dělat poznámky na papír, abys měla postup v případě, že Ti vypadne internet nebo něco během léčby!
Nejprve stáhni RKill z tohoto odkazu - http://download.bleepingcomputer.com/grinler/rkill.com
- Pokud ho havěť blokuje, použij jeden z následujících (i ty přejmenované):
- RKill EXE - http://download.bleepingcomputer.com/grinler/rkill.exe
RKill iExplore.exe - http://download.bleepingcomputer.com/gr ... xplore.exe
RKill uSeRiNiT.exe - http://download.bleepingcomputer.com/gr ... eRiNiT.exe
RKill WiNlOgOn.exe - http://download.bleepingcomputer.com/gr ... NlOgOn.exe
- RKill EXE - http://download.bleepingcomputer.com/grinler/rkill.exe
- Utilitu ulož nejlépe na Plochu a ukonči všechny aplikace (jinak to RKill udělá za Tebe)!
- Spusť dvojklikem - program proběhne téměř okamžitě a ukončí i svou činnost.
- RKill ukončí všechny nesystémové procesy - tedy i procesy, pod kterými běží havěť.
- Na Ploše vznikne log RKill.txt - ten mi sem vlož.
- TEĎ NERESTARTUJ PC - přišel bys o účinek RKillu!!
PROSÍM, ČTI NÁVOD DŮKLADNĚ - TATO UTILITA MÁ VELKOU SCHOPNOST MAZAT A JE NUTNÉ JI APLIKOVAT JEN NA DOPORUČENÍ RÁDCE TOHOTO FÓRA, JINAK TI MŮŽE JÍT SYSTÉM DO KYTEK Stáhni a ulož na Plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypni všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary apod.
- Vypni všechny běžící aplikace - ICQ, Skype, browsery, prostě všechny programy, ať běží pouze ComboFix.
- Pokud máš operační systém Windows XP, spusť pod účtem Správce/Administrator.
- Ihned po startu se zobrazí stránka s licenčním ujednáním - pokračuj kliknutím na [Ano].
- Pokud Ti ComboFix nabídne instalaci Konzoly pro zotavení, tak souhlas.
- Dále postupuj dle pokynů. Během scanu nech PC naprosto v klidu - nespouštěj žádné aplikace a neklikej do zobrazujícího se okna!
- Scan by měl trvat cca 10 min, ale pokud bude PC hodne zaneseno, může se čas samozřejmě prodloužit.
- Po dokončení scanu a případném restartu ComboFix zobrazí log, který případně najdeš v C:\ComboFix.txt. Jeho obsah mi sem vlož.
- Detailní postup včetně obrázků najdeš zde: http://www.bleepingcomputer.com/combofi ... t-combofix
-
-
- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: skype vir (pro Mc_Murphyho)
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 10/10/2012 06:39:17 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* Update [Missing Service]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 10/10/2012 06:39:39 PM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 10/10/2012 06:39:17 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* Update [Missing Service]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 10/10/2012 06:39:39 PM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)
Re: skype vir (pro Mc_Murphyho)
Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 10/10/2012 06:39:17 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* Update [Missing Service]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 10/10/2012 06:39:39 PM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 10/10/2012 06:39:17 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* Update [Missing Service]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 10/10/2012 06:39:39 PM
Execution time: 0 hours(s), 0 minute(s), and 21 seconds(s)
Re: skype vir (pro Mc_Murphyho)
ComboFix 12-10-10.02 - Jana Marešová 10.10.2012 19:09:16.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2013.1321 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jana MareÜovß\Dokumenty\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jana Marešová\Data aplikací\14.exe
c:\documents and settings\Jana Marešová\Data aplikací\2EB.exe
c:\documents and settings\Jana Marešová\Data aplikací\6B.exe
c:\documents and settings\Jana Marešová\Data aplikací\6C.exe
c:\documents and settings\Jana Marešová\Data aplikací\AE.exe
c:\documents and settings\Microsoft Office\Media
c:\documents and settings\Microsoft Office\Media\CAGCAT10\1029\CAGCAT10.MML
c:\documents and settings\Microsoft Office\Media\CAGCAT10\CAGCAT10.DLL
c:\documents and settings\Microsoft Office\Media\CAGCAT10\CAGCAT10.MMW
c:\documents and settings\Microsoft Office\Media\CAGCAT10\ELPHRG01.WAV
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0088542.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0090070.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0090386.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0149407.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0149481.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0149627.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0149887.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0157763.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0157995.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0158007.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0183168.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0183290.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0183328.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0185604.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0186002.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0186348.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0187423.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0195384.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0195534.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0195812.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0196164.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0196374.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0196400.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199036.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199283.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199549.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199661.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199727.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199755.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199805.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0205462.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0205466.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0205582.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0211949.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0212219.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0212661.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0212701.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0212957.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0214098.WAV
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0215086.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0216516.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0216588.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0216724.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0216858.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0217698.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0221903.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0222015.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0222017.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0222019.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0222021.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0229385.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0229389.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0230876.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0233018.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0233070.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0233312.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0234131.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0234266.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0234657.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0234687.GIF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0235241.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0235319.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0240695.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0240719.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0251301.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0251871.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0251925.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0252349.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0278882.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0281904.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0283209.GIF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0284916.JPG
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0285360.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0285410.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0285444.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0285698.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0285750.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0285926.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0286034.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0286068.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0287005.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0291984.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0292020.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0292152.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0292982.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293234.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293236.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293238.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293240.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293570.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293828.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293844.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0295241.GIF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0297185.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0297551.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0297707.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0297749.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0298653.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0298897.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0299125.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0299171.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0299587.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0299611.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0299763.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0300520.GIF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0300840.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0300912.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0301050.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0301076.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0301252.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0301480.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0302827.JPG
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0302953.JPG
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0304933.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0305257.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0305493.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0315447.JPG
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0332268.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0332364.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0335112.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0336075.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\1029\OFFICE10.MML
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\AUTOSHAP.DLL
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18180_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18181_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18182_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18184_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18185_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18187_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18189_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18190_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18191_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18192_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18193_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18194_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18196_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18197_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18198_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18199_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18200_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18201_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18202_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18203_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18204_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18205_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18206_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18207_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18208_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18209_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18210_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18211_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18212_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18213_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18214_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18215_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18216_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18217_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18218_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18219_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18220_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18221_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18222_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18223_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18224_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18225_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18226_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18227_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18228_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18229_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18230_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18231_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18232_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18233_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18234_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18235_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18236_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18237_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18238_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18239_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18241_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18242_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18243_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18244_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18245_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18246_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18247_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18248_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18249_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18250_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18251_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18252_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18253_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18254_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18255_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18256_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18257_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10253_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10254_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10255_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10263_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10264_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10265_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10266_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10267_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10268_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10297_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10298_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10299_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10300_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10301_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10302_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10335_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10336_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10337_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14513_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14514_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14515_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14528_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14529_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14530_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14531_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14532_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14533_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14565_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14578_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14579_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14580_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14581_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14582_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14583_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14654_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14655_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14656_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14691_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14692_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14693_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14752_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14753_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14754_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14755_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14756_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14757_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14790_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14791_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14792_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14793_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14794_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14795_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14828_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14829_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14830_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14831_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14832_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14833_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14866_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14867_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14868_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14869_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14870_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14871_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14980_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14981_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14982_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14983_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14984_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14985_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15018_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15019_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15020_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15021_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15022_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15023_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15056_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15057_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15058_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15059_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15060_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15061_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15132_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15133_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15134_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15135_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15136_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15168_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15169_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15170_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15171_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15172_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15173_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15272_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15273_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15274_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15275_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15276_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15277_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21294_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21295_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21296_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21297_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21298_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21299_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21300_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21301_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21302_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21304_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21306_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21308_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21310_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21312_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21314_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21316_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21327_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21329_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21331_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21333_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21335_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21337_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21339_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21342_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21343_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21344_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21364_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21365_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21366_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21375_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21376_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21377_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21398_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21399_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21400_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21421_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21422_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21423_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21433_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21434_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21435_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21480_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21481_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21482_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21503_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21504_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21505_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21518_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21519_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21520_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21533_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21534_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21535_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BULLETS.DLL
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115834.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115835.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115836.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115839.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115840.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115841.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115842.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115843.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115844.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115863.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115864.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115865.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115866.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115867.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115868.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10219_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10256_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10289_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10290_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10307_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10308_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10358_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14516_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14538_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14539_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14594_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14595_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14677_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14710_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14711_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14768_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14769_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14800_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14801_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14844_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14845_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14882_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14883_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14996_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14997_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15034_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15035_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15072_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15073_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15155_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15156_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15184_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15185_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15301_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15302_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21303_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21305_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21307_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21309_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21311_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21313_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21315_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21318_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21319_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21320_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21321_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21322_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21323_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21324_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21325_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21326_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21328_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21330_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21332_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21334_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21336_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21338_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21340_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21348_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21370_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21390_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21413_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21427_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21448_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21495_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21512_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21527_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21548_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\J0115855.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\J0115856.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\J0115875.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\J0115876.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\LINES.DLL
c:\documents and settings\Microsoft Office\Media\OFFICE11\OFFICE10.DLL
c:\documents and settings\Microsoft Office\Media\OFFICE11\OFFICE10.MMW
c:\program files\Nero-10.0.13100_trial.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3d419499305896fc.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\97c85649e1158fe8.fb
c:\windows\system32\Cache\984e9fb1d16ded77.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b061420d0a95b808.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-10 do 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 15:55 . 2012-10-10 15:55 -------- d-----w- C:\rsit
2012-10-10 15:55 . 2012-10-10 15:55 -------- d-----w- c:\program files\trend micro
2012-10-10 15:16 . 2012-10-10 15:16 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{93A3E682-B1A3-4191-8FB5-DD45A9A18A5E}\MpKsl2cacfd32.sys
2012-10-09 21:37 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{93A3E682-B1A3-4191-8FB5-DD45A9A18A5E}\mpengine.dll
2012-10-08 18:33 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 11:55 . 2010-07-23 17:15 2516 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2012-08-30 21:07 . 2012-08-30 21:07 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-30 20:03 . 2010-03-25 19:30 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:18 . 2008-04-14 09:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-14 09:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-14 09:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 09:00 385024 ----a-w- c:\windows\system32\html.iec
2010-08-04 21:06 . 2010-08-04 21:06 180351392 ----a-w- c:\program files\Nero-7.9.6.0_eng_trial.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2010-07-23 57344]
.
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-30 21:07 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-08-08 16:15 1527496 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-08-08 1527496]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-08-30 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-08-08 1527496]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-23 39408]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-08-08 1644744]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-30 947808]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Jana Marešová\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\windows\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\windows\\system32\\PnkBstrA.exe"=
"c:\\windows\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.9.2011 14:07 691696]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 23:07 27496]
R1 MpKsl2cacfd32;MpKsl2cacfd32;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{93A3E682-B1A3-4191-8FB5-DD45A9A18A5E}\MpKsl2cacfd32.sys [10.10.2012 17:16 29904]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13.10.2011 18:21 249648]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [30.8.2012 23:07 722528]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21.10.2011 16:23 196176]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.7.2010 19:54 135664]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.8.2012 13:33 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 13:19 160944]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23.7.2010 19:54 135664]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL2CACFD32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 17:54]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 17:54]
.
2012-10-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
2012-10-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-08-08 16:15]
.
2012-10-10 c:\windows\Tasks\User_Feed_Synchronization-{8CA9B768-E5E1-4E9A-9288-8A6409321C27}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = https://isearch.avg.com/?cid={621E3FCC- ... 2012-03-19 20:13&v=12.2.5.32&sap=hp
mStart Page = hxxp://www.bing.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //eml:c:\documents and settings\Jana Mare?ová\Local Settings\Temporary Internet Files\Content.IE5\R0W2GG2C\FW_%20pijte%20vodu%20-%20v?echno%20je%20zase%20jinak%20![1].eml
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Xsjejb - c:\documents and settings\Jana Marešová\Data aplikací\Xsjejb.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-10 19:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2482482263-1632091086-2385584113-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a6,b8,4b,03,9f,11,12,9d,20,13,d2,49,e5,e1,b6,72,7b,05,88,8e,ab,52,27,
23,4e,5a,59,b6,41,63,b6,18,e5,c0,95,f8,df,d1,e7,e3,c7,f0,3e,6f,97,c7,bd,2c,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-2482482263-1632091086-2385584113-1006\Software\SecuROM\License information*]
"datasecu"=hex:b1,4f,fc,55,fe,e4,f2,17,8b,67,f3,3d,2c,56,a5,f0,c5,4e,21,c6,ca,
52,ef,b2,33,97,4d,f2,dd,cd,2b,21,36,16,62,a5,a5,8d,31,0c,e4,4f,a2,10,35,89,\
"rkeysecu"=hex:0c,1d,92,e9,af,2f,a4,15,46,53,bc,82,1d,b6,21,f0
.
Celkový čas: 2012-10-10 19:25:17
ComboFix-quarantined-files.txt 2012-10-10 17:25
.
Před spuštěním: Volných bajtů: 330 217 873 408
Po spuštění: Volných bajtů: 335 811 043 328
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EB3CEC508264AB8D5B2F45B54B79FC95
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2013.1321 [GMT 2:00]
Spuštěný z: c:\documents and settings\Jana MareÜovß\Dokumenty\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Jana Marešová\Data aplikací\14.exe
c:\documents and settings\Jana Marešová\Data aplikací\2EB.exe
c:\documents and settings\Jana Marešová\Data aplikací\6B.exe
c:\documents and settings\Jana Marešová\Data aplikací\6C.exe
c:\documents and settings\Jana Marešová\Data aplikací\AE.exe
c:\documents and settings\Microsoft Office\Media
c:\documents and settings\Microsoft Office\Media\CAGCAT10\1029\CAGCAT10.MML
c:\documents and settings\Microsoft Office\Media\CAGCAT10\CAGCAT10.DLL
c:\documents and settings\Microsoft Office\Media\CAGCAT10\CAGCAT10.MMW
c:\documents and settings\Microsoft Office\Media\CAGCAT10\ELPHRG01.WAV
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0088542.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0090070.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0090386.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0149407.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0149481.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0149627.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0149887.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0157763.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0157995.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0158007.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0183168.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0183290.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0183328.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0185604.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0186002.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0186348.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0187423.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0195384.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0195534.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0195812.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0196164.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0196374.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0196400.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199036.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199283.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199549.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199661.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199727.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199755.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0199805.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0205462.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0205466.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0205582.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0211949.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0212219.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0212661.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0212701.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0212957.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0214098.WAV
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0215086.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0216516.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0216588.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0216724.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0216858.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0217698.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0221903.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0222015.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0222017.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0222019.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0222021.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0229385.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0229389.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0230876.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0233018.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0233070.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0233312.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0234131.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0234266.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0234657.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0234687.GIF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0235241.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0235319.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0240695.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0240719.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0251301.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0251871.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0251925.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0252349.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0278882.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0281904.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0283209.GIF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0284916.JPG
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0285360.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0285410.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0285444.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0285698.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0285750.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0285926.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0286034.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0286068.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0287005.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0291984.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0292020.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0292152.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0292982.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293234.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293236.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293238.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293240.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293570.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293828.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0293844.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0295241.GIF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0297185.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0297551.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0297707.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0297749.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0298653.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0298897.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0299125.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0299171.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0299587.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0299611.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0299763.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0300520.GIF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0300840.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0300912.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0301050.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0301076.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0301252.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0301480.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0302827.JPG
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0302953.JPG
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0304933.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0305257.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0305493.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0315447.JPG
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0332268.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0332364.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0335112.WMF
c:\documents and settings\Microsoft Office\Media\CAGCAT10\J0336075.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\1029\OFFICE10.MML
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\AUTOSHAP.DLL
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18180_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18181_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18182_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18184_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18185_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18187_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18189_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18190_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18191_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18192_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18193_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18194_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18196_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18197_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18198_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18199_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18200_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18201_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18202_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18203_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18204_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18205_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18206_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18207_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18208_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18209_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18210_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18211_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18212_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18213_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18214_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18215_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18216_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18217_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18218_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18219_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18220_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18221_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18222_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18223_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18224_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18225_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18226_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18227_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18228_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18229_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18230_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18231_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18232_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18233_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18234_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18235_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18236_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18237_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18238_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18239_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18241_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18242_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18243_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18244_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18245_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18246_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18247_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18248_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18249_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18250_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18251_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18252_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18253_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18254_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18255_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18256_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\AUTOSHAP\BD18257_.WMF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10253_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10254_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10255_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10263_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10264_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10265_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10266_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10267_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10268_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10297_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10298_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10299_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10300_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10301_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10302_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10335_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10336_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD10337_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14513_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14514_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14515_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14528_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14529_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14530_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14531_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14532_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14533_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14565_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14578_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14579_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14580_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14581_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14582_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14583_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14654_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14655_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14656_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14691_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14692_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14693_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14752_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14753_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14754_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14755_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14756_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14757_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14790_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14791_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14792_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14793_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14794_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14795_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14828_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14829_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14830_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14831_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14832_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14833_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14866_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14867_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14868_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14869_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14870_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14871_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14980_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14981_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14982_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14983_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14984_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD14985_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15018_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15019_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15020_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15021_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15022_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15023_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15056_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15057_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15058_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15059_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15060_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15061_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15132_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15133_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15134_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15135_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15136_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15168_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15169_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15170_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15171_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15172_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15173_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15272_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15273_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15274_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15275_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15276_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD15277_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21294_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21295_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21296_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21297_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21298_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21299_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21300_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21301_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21302_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21304_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21306_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21308_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21310_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21312_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21314_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21316_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21327_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21329_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21331_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21333_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21335_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21337_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21339_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21342_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21343_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21344_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21364_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21365_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21366_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21375_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21376_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21377_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21398_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21399_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21400_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21421_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21422_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21423_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21433_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21434_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21435_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21480_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21481_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21482_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21503_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21504_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21505_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21518_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21519_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21520_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21533_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21534_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BD21535_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\BULLETS.DLL
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115834.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115835.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115836.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115839.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115840.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115841.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115842.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115843.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115844.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115863.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115864.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115865.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115866.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115867.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\BULLETS\J0115868.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10219_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10256_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10289_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10290_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10307_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10308_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD10358_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14516_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14538_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14539_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14594_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14595_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14677_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14710_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14711_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14768_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14769_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14800_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14801_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14844_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14845_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14882_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14883_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14996_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD14997_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15034_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15035_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15072_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15073_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15155_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15156_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15184_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15185_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15301_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD15302_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21303_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21305_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21307_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21309_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21311_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21313_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21315_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21318_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21319_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21320_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21321_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21322_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21323_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21324_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21325_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21326_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21328_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21330_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21332_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21334_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21336_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21338_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21340_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21348_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21370_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21390_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21413_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21427_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21448_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21495_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21512_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21527_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\BD21548_.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\J0115855.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\J0115856.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\J0115875.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\J0115876.GIF
c:\documents and settings\Microsoft Office\Media\OFFICE11\LINES\LINES.DLL
c:\documents and settings\Microsoft Office\Media\OFFICE11\OFFICE10.DLL
c:\documents and settings\Microsoft Office\Media\OFFICE11\OFFICE10.MMW
c:\program files\Nero-10.0.13100_trial.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3d419499305896fc.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\97c85649e1158fe8.fb
c:\windows\system32\Cache\984e9fb1d16ded77.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b061420d0a95b808.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-10 do 2012-10-10 )))))))))))))))))))))))))))))))
.
.
2012-10-10 15:55 . 2012-10-10 15:55 -------- d-----w- C:\rsit
2012-10-10 15:55 . 2012-10-10 15:55 -------- d-----w- c:\program files\trend micro
2012-10-10 15:16 . 2012-10-10 15:16 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{93A3E682-B1A3-4191-8FB5-DD45A9A18A5E}\MpKsl2cacfd32.sys
2012-10-09 21:37 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{93A3E682-B1A3-4191-8FB5-DD45A9A18A5E}\mpengine.dll
2012-10-08 18:33 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-10 11:55 . 2010-07-23 17:15 2516 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2012-08-30 21:07 . 2012-08-30 21:07 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-08-30 20:03 . 2010-03-25 19:30 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:18 . 2008-04-14 09:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-14 09:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-14 09:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 09:00 385024 ----a-w- c:\windows\system32\html.iec
2010-08-04 21:06 . 2010-08-04 21:06 180351392 ----a-w- c:\program files\Nero-7.9.6.0_eng_trial.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2010-07-23 57344]
.
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-08-30 21:07 1734240 ----a-w- c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-08-08 16:15 1527496 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-08-08 1527496]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-08-30 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-08-08 1527496]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-23 39408]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-26 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-26 142872]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-08-08 1644744]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-08-30 947808]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-08-30 1022048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Jana Marešová\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\windows\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\windows\\system32\\PnkBstrA.exe"=
"c:\\windows\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.9.2011 14:07 691696]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [30.8.2012 23:07 27496]
R1 MpKsl2cacfd32;MpKsl2cacfd32;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{93A3E682-B1A3-4191-8FB5-DD45A9A18A5E}\MpKsl2cacfd32.sys [10.10.2012 17:16 29904]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13.10.2011 18:21 249648]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [30.8.2012 23:07 722528]
S2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21.10.2011 16:23 196176]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [23.7.2010 19:54 135664]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13.8.2012 13:33 3064000]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 13:19 160944]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [23.7.2010 19:54 135664]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - MPKSL2CACFD32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 17:54]
.
2012-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-23 17:54]
.
2012-10-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 15:25]
.
2012-10-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-08-08 16:15]
.
2012-10-10 c:\windows\Tasks\User_Feed_Synchronization-{8CA9B768-E5E1-4E9A-9288-8A6409321C27}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = https://isearch.avg.com/?cid={621E3FCC- ... 2012-03-19 20:13&v=12.2.5.32&sap=hp
mStart Page = hxxp://www.bing.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //eml:c:\documents and settings\Jana Mare?ová\Local Settings\Temporary Internet Files\Content.IE5\R0W2GG2C\FW_%20pijte%20vodu%20-%20v?echno%20je%20zase%20jinak%20![1].eml
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Xsjejb - c:\documents and settings\Jana Marešová\Data aplikací\Xsjejb.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-10 19:22
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2482482263-1632091086-2385584113-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a6,b8,4b,03,9f,11,12,9d,20,13,d2,49,e5,e1,b6,72,7b,05,88,8e,ab,52,27,
23,4e,5a,59,b6,41,63,b6,18,e5,c0,95,f8,df,d1,e7,e3,c7,f0,3e,6f,97,c7,bd,2c,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
.
[HKEY_USERS\S-1-5-21-2482482263-1632091086-2385584113-1006\Software\SecuROM\License information*]
"datasecu"=hex:b1,4f,fc,55,fe,e4,f2,17,8b,67,f3,3d,2c,56,a5,f0,c5,4e,21,c6,ca,
52,ef,b2,33,97,4d,f2,dd,cd,2b,21,36,16,62,a5,a5,8d,31,0c,e4,4f,a2,10,35,89,\
"rkeysecu"=hex:0c,1d,92,e9,af,2f,a4,15,46,53,bc,82,1d,b6,21,f0
.
Celkový čas: 2012-10-10 19:25:17
ComboFix-quarantined-files.txt 2012-10-10 17:25
.
Před spuštěním: Volných bajtů: 330 217 873 408
Po spuštění: Volných bajtů: 335 811 043 328
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - EB3CEC508264AB8D5B2F45B54B79FC95
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: skype vir (pro Mc_Murphyho)
Prosím, toto je moc důležité, přesuň ComboFix na systémový disk, rovnou do kořenového adresáře (bude tedy v umístění C:\ComboFix.exe). Na stejné místo přesuň i Tebou vytvořený script (bude tedy C:\CFScript.txt).
- Otevři si Poznámkový blok (Start >> Spustit... (nebo Win+R) >> do okénka napiš notepad >> [Enter]).
- Zkopíruj do něj tento script (pouze zelená písmenka v bílém poli!):
Kód: Vybrat vše
KillAll::
Driver::
avgtp
BBUpdate
vToolbarUpdater12.2.6
BBSvc
gupdate
gupdatem
Skype C2C Service
SkypeUpdate
Folder::
c:\program files\Ask.com
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Microsoft\BingBar
c:\program files\Common Files\AVG Secure Search
File::
c:\documents and settings\Jana Marešová\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
c:\windows\system32\drivers\avgtpx86.sys
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\Tasks\User_Feed_Synchronization-{8CA9B768-E5E1-4E9A-9288-8A6409321C27}.job
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"=-
[-HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=-
"Persistence"=-
"ApnUpdater"=-
"vProt"=-
"Adobe ARM"=-
"ROC_ROC_JULY_P1"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\windows\\system32\\CNAB4RPK.EXE"=-
DDS::
uStart Page = https://isearch.avg.com/?cid={621E3FCC-2001-47B4-85C4-03A05D2F4B02}&mid=da472a14a40a47d0bf211fbc72d5606d-510b77d700c5f43f461bf4904527c2b3619f8f2d&lang=cs&ds=gm011&pr=sa&d=2012-03-19 20:13&v=12.2.5.32&sap=hp
mStart Page = hxxp://www.bing.com
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe" //eml:c:\documents and settings\Jana Mare?ová\Local Settings\Temporary Internet Files\Content.IE5\R0W2GG2C\FW_%20pijte%20vodu%20-%20v?echno%20je%20zase%20jinak%20![1].eml
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
RegNull::
[HKEY_USERS\S-1-5-21-2482482263-1632091086-2385584113-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-2482482263-1632091086-2385584113-1006\Software\SecuROM\License information*]
ClearJavaCache::
AtJob::
Reboot::- Ulož vytvořený TXT jako CFScript.txt
- Přetáhni vytvořený CFScript.txt nad ComboFix a pusť (viz obrázek).
- Po aplikaci scriptu (a případném restartu PC) na Tebe vyskočí log. Jeho obsah mi sem vlož.
Může se stát, že po aplikaci scriptu nenaběhnou Windows. V tom případě restartuj PC, hned při náběhu mačkej klávesu F8 a zvol Poslední známou konfiguraci.--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: skype vir (pro Mc_Murphyho)
tak je to moc velké, tak to posílám v příloze J
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: skype vir (pro Mc_Murphyho)
Na fórum nelze vkládat TXT soubory. Rozděl log do více příspěvků. Pokud by měl více jak dva, uploadni mi to někam na net, třeba na Leteckou poštu na Ulož.to nebo někam. Sem mi pak případně hoď odkaz na stažení.
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: skype vir (pro Mc_Murphyho)
Odkaz na zásilku:
http://www.uschovna.cz/zasilka/K9RNWSZ88HVFVFSK-D68
Kód zásilky: K9RNWSZ88HVFVFSK-D68
Velikost zásilky: 323.7 kB
Uloženo do: 25.10.2012
Soubory v zásilce:
ComboFix.txt (323.7 kB)
http://www.uschovna.cz/zasilka/K9RNWSZ88HVFVFSK-D68
Kód zásilky: K9RNWSZ88HVFVFSK-D68
Velikost zásilky: 323.7 kB
Uloženo do: 25.10.2012
Soubory v zásilce:
ComboFix.txt (323.7 kB)
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: skype vir (pro Mc_Murphyho)
Super, tohle vypadá už daleko lépe! 
Aplikuj ještě jednou script pro ComboFix, postup stejný a znova prosím v lokaci C:\ jako prve, ano?
Může se stát, že po aplikaci scriptu nenaběhnou Windows. V tom případě restartuj PC, hned při náběhu mačkej klávesu F8 a zvol Poslední známou konfiguraci.
Aplikuj ještě jednou script pro ComboFix, postup stejný a znova prosím v lokaci C:\ jako prve, ano? - Otevři si Poznámkový blok (Start >> Spustit... (nebo Win+R) >> do okénka napiš notepad >> [Enter]).
- Zkopíruj do něj tento script (pouze zelená písmenka v bílém poli!):
Kód: Vybrat vše
KillAll::
Collect::
c:\documents and settings\Jana Marešová\Data aplikací\Xsjejb.exe
Folder::
c:\documents and settings\Jana Marešová\Local Settings\Data aplikací\ESET
c:\documents and settings\Jana Marešová\Data aplikací\ESET
c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xsjejb"=-
Reboot::- Ulož vytvořený TXT jako CFScript.txt
- Přetáhni vytvořený CFScript.txt nad ComboFix a pusť (viz obrázek).
- Po aplikaci scriptu (a případném restartu PC) na Tebe vyskočí log. Jeho obsah mi sem vlož.
Může se stát, že po aplikaci scriptu nenaběhnou Windows. V tom případě restartuj PC, hned při náběhu mačkej klávesu F8 a zvol Poslední známou konfiguraci.--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: skype vir (pro Mc_Murphyho)
ComboFix 12-10-10.02 - Jana Marešová 11.10.2012 17:57:51.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2013.1466 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-11 do 2012-10-11 )))))))))))))))))))))))))))))))
.
.
2012-10-11 15:47 . 2012-10-11 15:47 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{55932BB4-AE7A-4FD1-861D-A035E9026DBC}\offreg.dll
2012-10-11 13:33 . 2012-10-11 13:33 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{55932BB4-AE7A-4FD1-861D-A035E9026DBC}\MpKsld82b570e.sys
2012-10-11 08:42 . 2012-10-11 08:43 -------- d-----w- C:\702f5f3faf318cc0fd
2012-10-11 07:15 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{55932BB4-AE7A-4FD1-861D-A035E9026DBC}\mpengine.dll
2012-10-10 19:48 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-10 18:08 . 2012-10-10 18:08 -------- d-----w- c:\documents and settings\Jana Marešová\Local Settings\Data aplikací\ESET
2012-10-10 18:08 . 2012-10-10 18:08 -------- d-----w- c:\documents and settings\Jana Marešová\Data aplikací\ESET
2012-10-10 18:08 . 2012-10-10 18:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-10-10 15:55 . 2012-10-10 15:55 -------- d-----w- C:\rsit
2012-10-10 15:55 . 2012-10-10 15:55 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 07:28 . 2010-07-23 17:15 2516 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2012-08-30 20:03 . 2010-03-25 19:30 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:18 . 2008-04-14 09:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-14 09:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-14 09:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 09:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 09:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2008-04-14 09:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2008-04-14 09:00 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-04 21:06 . 2010-08-04 21:06 180351392 ----a-w- c:\program files\Nero-7.9.6.0_eng_trial.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Jana Marešová\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\windows\\system32\\PnkBstrA.exe"=
"c:\\windows\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.9.2011 14:07 691696]
R1 MpKsld82b570e;MpKsld82b570e;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{55932BB4-AE7A-4FD1-861D-A035E9026DBC}\MpKsld82b570e.sys [11.10.2012 15:33 29904]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-11 18:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3176)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CNAB4RPK.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2012-10-11 18:08:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-11 16:08
ComboFix2.txt 2012-10-10 19:46
ComboFix3.txt 2012-10-10 17:25
.
Před spuštěním: Volných bajtů: 335 206 219 776
Po spuštění: Volných bajtů: 335 377 915 904
.
- - End Of File - - 46170AB07EDF7E9EF1DA9DB4976A1B65
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2013.1466 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\TZLog.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-11 do 2012-10-11 )))))))))))))))))))))))))))))))
.
.
2012-10-11 15:47 . 2012-10-11 15:47 56200 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{55932BB4-AE7A-4FD1-861D-A035E9026DBC}\offreg.dll
2012-10-11 13:33 . 2012-10-11 13:33 29904 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{55932BB4-AE7A-4FD1-861D-A035E9026DBC}\MpKsld82b570e.sys
2012-10-11 08:42 . 2012-10-11 08:43 -------- d-----w- C:\702f5f3faf318cc0fd
2012-10-11 07:15 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{55932BB4-AE7A-4FD1-861D-A035E9026DBC}\mpengine.dll
2012-10-10 19:48 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-10 18:08 . 2012-10-10 18:08 -------- d-----w- c:\documents and settings\Jana Marešová\Local Settings\Data aplikací\ESET
2012-10-10 18:08 . 2012-10-10 18:08 -------- d-----w- c:\documents and settings\Jana Marešová\Data aplikací\ESET
2012-10-10 18:08 . 2012-10-10 18:08 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\ESET
2012-10-10 15:55 . 2012-10-10 15:55 -------- d-----w- C:\rsit
2012-10-10 15:55 . 2012-10-10 15:55 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-11 07:28 . 2010-07-23 17:15 2516 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2012-08-30 20:03 . 2010-03-25 19:30 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:18 . 2008-04-14 09:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2008-04-14 09:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2008-04-14 09:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 09:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 09:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2008-04-14 09:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-23 06:27 . 2008-04-14 09:00 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-04 21:06 . 2010-08-04 21:06 180351392 ----a-w- c:\program files\Nero-7.9.6.0_eng_trial.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-26 173592]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-21 525824]
"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\Jana Marešová\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\windows\\system32\\PnkBstrA.exe"=
"c:\\windows\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27.9.2011 14:07 691696]
R1 MpKsld82b570e;MpKsld82b570e;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{55932BB4-AE7A-4FD1-861D-A035E9026DBC}\MpKsld82b570e.sys [11.10.2012 15:33 29904]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17.4.2007 20:09 11032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-11 18:04
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3176)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\CNAB4RPK.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Celkový čas: 2012-10-11 18:08:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-11 16:08
ComboFix2.txt 2012-10-10 19:46
ComboFix3.txt 2012-10-10 17:25
.
Před spuštěním: Volných bajtů: 335 206 219 776
Po spuštění: Volných bajtů: 335 377 915 904
.
- - End Of File - - 46170AB07EDF7E9EF1DA9DB4976A1B65
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: skype vir (pro Mc_Murphyho)
Super, nyní se koukneme na tohle...
Stáhni AdwCleaner - http://general-changelog-team.fr/fr/dow ... adwcleaner
Stáhni AdwCleaner - http://general-changelog-team.fr/fr/dow ... adwcleaner
- Ulož jej nejlépe na Plochu.
- Ukonči všechny programy!!
- Klikni na [Search].
- Proběhne scan a pak se objeví log, který bude případně uložen na systémovém disku C:\ jako AdwCleaner[R?].txt - ten mi sem vlož.
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: skype vir (pro Mc_Murphyho)
# AdwCleaner v2.004 - Logfile created 10/11/2012 at 18:27:03
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jana Marešová - HP15896214019
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jana Marešová\Dokumenty\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
Folder Found : C:\Documents and Settings\David Mareš\Data aplikací\AVG Secure Search
Folder Found : C:\Documents and Settings\Jana Marešová\Data aplikací\AVG Secure Search
Folder Found : C:\Program Files\AskTBar
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKU\S-1-5-21-2482482263-1632091086-2385584113-1006\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-2482482263-1632091086-2385584113-1006\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={621E3FCC-2001-47B4-85C4-03A05D2F4B02}&mid=da472a14a40a47d0bf211fbc72d5606d-510b77d700c5f43f461bf4904527c2b3619f8f2d&lang=cs&ds=gm011&pr=sa&d=2012-03-19 20:13:15&v=12.2.5.32&sap=nt
*************************
AdwCleaner[R1].txt - [6950 octets] - [11/10/2012 18:27:03]
########## EOF - C:\AdwCleaner[R1].txt - [7010 octets] ##########
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jana Marešová - HP15896214019
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jana Marešová\Dokumenty\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
Folder Found : C:\Documents and Settings\David Mareš\Data aplikací\AVG Secure Search
Folder Found : C:\Documents and Settings\Jana Marešová\Data aplikací\AVG Secure Search
Folder Found : C:\Program Files\AskTBar
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKU\S-1-5-21-2482482263-1632091086-2385584113-1006\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-2482482263-1632091086-2385584113-1006\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={621E3FCC-2001-47B4-85C4-03A05D2F4B02}&mid=da472a14a40a47d0bf211fbc72d5606d-510b77d700c5f43f461bf4904527c2b3619f8f2d&lang=cs&ds=gm011&pr=sa&d=2012-03-19 20:13:15&v=12.2.5.32&sap=nt
*************************
AdwCleaner[R1].txt - [6950 octets] - [11/10/2012 18:27:03]
########## EOF - C:\AdwCleaner[R1].txt - [7010 octets] ##########
-
Mc_Murphy
- VIP in memoriam
- Příspěvky: 6706
- Registrován: 03 lis 2008 15:55
- Bydliště: Plzeň [ZČ]
- Kontaktovat uživatele:
Re: skype vir (pro Mc_Murphyho)
OK, provedeme další opravy.
- Spusť AdwCleaner znovu.
- Klikni na [Delete].
- PC provede opravu, restartuje se a vytvoří log C:\AdwCleaner [S1].txt - jeho obsah mi sem zase vlož.
Stáhni RogueKiller - http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
- Ukonči všechny programy!
- Spusť RogueKiller.
- Počkej, než program dokončí Prescan.
- Potom klikni na tlačítko [Prohledat] a počkej, až prohlídka proběhne.
- Klikni na tlačítko [Zpráva] - otevře se log, ten mi sem vlož.
- Detailní postup včetně obrázků najdeš zde: http://forum.viry.cz/viewtopic.php?f=24&t=120452
--- ... I'm moving on, I'm moving on, I'm moving on by the Spirit.
- You gave me love, I've found my identity, found my identity.
I'm moving on, I'm moving on, I'm moving on by the Spirit.- You gave me hope, I've found my identity in Christ...
Re: skype vir (pro Mc_Murphyho)
# AdwCleaner v2.004 - Logfile created 10/11/2012 at 18:54:20
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jana Marešová - HP15896214019
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jana Marešová\Dokumenty\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
Folder Deleted : C:\Documents and Settings\David Mareš\Data aplikací\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Jana Marešová\Data aplikací\AVG Secure Search
Folder Deleted : C:\Program Files\AskTBar
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={621E3FCC-2001-47B4-85C4-03A05D2F4B02}&mid=da472a14a40a47d0bf211fbc72d5606d-510b77d700c5f43f461bf4904527c2b3619f8f2d&lang=cs&ds=gm011&pr=sa&d=2012-03-19 20:13:15&v=12.2.5.32&sap=nt --> hxxp://www.google.com
*************************
AdwCleaner[R1].txt - [7079 octets] - [11/10/2012 18:27:03]
AdwCleaner[S1].txt - [6877 octets] - [11/10/2012 18:54:20]
########## EOF - C:\AdwCleaner[S1].txt - [6937 octets] ##########
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jana Marešová - HP15896214019
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jana Marešová\Dokumenty\Downloads\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
Folder Deleted : C:\Documents and Settings\David Mareš\Data aplikací\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Jana Marešová\Data aplikací\AVG Secure Search
Folder Deleted : C:\Program Files\AskTBar
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registry] *****
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CB65206-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063DB9-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CB65201-89C4-402C-BA80-02D8C59F9B1D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403E-8DD8-394C54984B2C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FE063DB9-4EC0-403E-8DD8-394C54984B2C}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={621E3FCC-2001-47B4-85C4-03A05D2F4B02}&mid=da472a14a40a47d0bf211fbc72d5606d-510b77d700c5f43f461bf4904527c2b3619f8f2d&lang=cs&ds=gm011&pr=sa&d=2012-03-19 20:13:15&v=12.2.5.32&sap=nt --> hxxp://www.google.com
*************************
AdwCleaner[R1].txt - [7079 octets] - [11/10/2012 18:27:03]
AdwCleaner[S1].txt - [6877 octets] - [11/10/2012 18:54:20]
########## EOF - C:\AdwCleaner[S1].txt - [6937 octets] ##########
Přispějete na provoz fóra?